NAME

SYNOPSIS

DESCRIPTION

The chown() function shall change the user and group ownership of a file.

The path argument points to a pathname naming a file. The user ID and group ID of the named file shall be set to the
numeric values contained in owner and group, respectively.

Only processes with an effective user ID equal to the user ID of the file or with appropriate privileges may change the
ownership of a file. If _POSIX_CHOWN_RESTRICTED is in effect for path:

Changing the user ID is restricted to processes with appropriate privileges.

Changing the group ID is permitted to a process with an effective user ID equal to the user ID of the file, but without
appropriate privileges, if and only if owner is equal to the file's user ID or ( uid_t)-1 and group is equal
either to the calling process' effective group ID or to one of its supplementary group IDs.

If the specified file is a regular file, one or more of the S_IXUSR, S_IXGRP, or S_IXOTH bits of the file mode are set, and the
process does not have appropriate privileges, the set-user-ID (S_ISUID) and set-group-ID (S_ISGID) bits of the file mode shall be
cleared upon successful return from chown(). If the specified file is a regular file, one or more of the S_IXUSR, S_IXGRP,
or S_IXOTH bits of the file mode are set, and the process has appropriate privileges, it is implementation-defined whether the
set-user-ID and set-group-ID bits are altered. If the chown() function is successfully invoked on a file that is not a
regular file and one or more of the S_IXUSR, S_IXGRP, or S_IXOTH bits of the file mode are set, the set-user-ID and set-group-ID
bits may be cleared.

If owner or group is specified as ( uid_t)-1 or ( gid_t)-1, respectively, the corresponding ID of
the file shall not be changed. If both owner and group are -1, the times need not be updated.

Upon successful completion, chown() shall mark for update the st_ctime field of the file.

RETURN VALUE

Upon successful completion, 0 shall be returned; otherwise, -1 shall be returned and errno set to indicate the error. If
-1 is returned, no changes are made in the user ID and group ID of the file.

ERRORS

The chown() function shall fail if:

[EACCES]

Search permission is denied on a component of the path prefix.

[ELOOP]

A loop exists in symbolic links encountered during resolution of the path argument.

[ENAMETOOLONG]

The length of the path argument exceeds {PATH_MAX} or a pathname component is longer than {NAME_MAX}.

[ENOTDIR]

A component of the path prefix is not a directory.

[ENOENT]

A component of path does not name an existing file or path is an empty string.

[EPERM]

The effective user ID does not match the owner of the file, or the calling process does not have appropriate privileges and
_POSIX_CHOWN_RESTRICTED indicates that such privilege is required.

[EROFS]

The named file resides on a read-only file system.

The chown() function may fail if:

[EIO]

An I/O error occurred while reading or writing to the file system.

[EINTR]

The chown() function was interrupted by a signal which was caught.

[EINVAL]

The owner or group ID supplied is not a value supported by the implementation.

[ELOOP]

More than {SYMLOOP_MAX} symbolic links were encountered during resolution of the path argument.

[ENAMETOOLONG]

As a result of encountering a symbolic link in resolution of the path argument, the length of the substituted pathname
string exceeded {PATH_MAX}.

The following sections are informative.

EXAMPLES

None.

APPLICATION USAGE

Although chown() can be used on some implementations by the file owner to change the owner and group to any desired
values, the only portable use of this function is to change the group of a file to the effective GID of the calling process or to a
member of its group set.

RATIONALE

System III and System V allow a user to give away files; that is, the owner of a file may change its user ID to anything. This
is a serious problem for implementations that are intended to meet government security regulations. Version 7 and 4.3 BSD permit
only the superuser to change the user ID of a file. Some government agencies (usually not ones concerned directly with security)
find this limitation too confining. This volume of IEEE Std 1003.1-2001 uses may to permit secure implementations
while not disallowing System V.

System III and System V allow the owner of a file to change the group ID to anything. Version 7 permits only the superuser to
change the group ID of a file. 4.3 BSD permits the owner to change the group ID of a file to its effective group ID or to any of
the groups in the list of supplementary group IDs, but to no others.

The POSIX.1-1990 standard requires that the chown() function invoked by a non-appropriate privileged process clear the
S_ISGID and the S_ISUID bits for regular files, and permits them to be cleared for other types of files. This is so that changes in
accessibility do not accidentally cause files to become security holes. Unfortunately, requiring these bits to be cleared on
non-executable data files also clears the mandatory file locking bit (shared with S_ISGID), which is an extension on many
implementations (it first appeared in System V). These bits should only be required to be cleared on regular files that have one or
more of their execute bits set.

FUTURE DIRECTIONS

SEE ALSO

CHANGE HISTORY

Issue 6

The following changes are made for alignment with the ISO POSIX-1:1996 standard:

The wording describing the optional dependency on _POSIX_CHOWN_RESTRICTED is restored.

The [EPERM] error is restored as an error dependent on _POSIX_CHOWN_RESTRICTED. This is since its operand is a pathname and
applications should be aware that the error may not occur for that pathname if the file system does not support
_POSIX_CHOWN_RESTRICTED.

The following new requirements on POSIX implementations derive from alignment with the Single UNIX Specification:

The requirement to include <sys/types.h> has been removed. Although <sys/types.h> was required for conforming implementations of previous POSIX
specifications, it was not required for UNIX applications.

The value for owner of ( uid_t)-1 allows the use of -1 by the owner of a file to change the group ID only. A
corresponding change is made for group.

The [ELOOP] mandatory error condition is added.

The [EIO] and [EINTR] optional error conditions are added.

A second [ENAMETOOLONG] is added as an optional error condition.

The following changes were made to align with the IEEE P1003.1a draft standard:

Clarification is added that the S_ISUID and S_ISGID bits do not need to be cleared when the process has appropriate
privileges.

The [ELOOP] optional error condition is added.

End of informative text.

UNIX ® is a registered Trademark of The Open Group.
POSIX ® is a registered Trademark of The IEEE.
[ Main Index | XBD | XCU | XSH | XRAT
]